A new encryption bug has surfaced that could pose a threat to online privacy. Dubbed “Logjam,” it lies in TLS (Transport Layer Security), the encryption protocol used to authenticate servers and conceal the contents of secure web traffic (like your bank login).

Patches are in the works for most major browsers, but the fix will leave some web servers unreachable from patched browsers until their administrators update them to use stronger Diffie-Hellman parameters.

A Military Legacy

Unlike most security vulnerabilities, which are caused simply by programmer oversight, this one is at least partly intentional. Back in the early 1990s, when the PC revolution got underway, the US federal government was concerned that the export of strong encryption technology to foreign powers could compromise its ability to spy on other nations. At the time, strong encryption was legally classified as a form of munition, which allowed the federal government to restrict its distribution.

As a result, when SSL (the Secure Sockets Layer, predecessor to TLS) was developed, it shipped in two flavors: the domestic version, which used full-strength keys (1024 bits or more for RSA and Diffie-Hellman), and the export version, whose public-key operations were capped at 512 bits and which is many orders of magnitude weaker. Logjam abuses the export Diffie-Hellman cipher suites (DHE_EXPORT) that survive from that era. An attacker sitting between client and server can rewrite the handshake so that the server chooses a 512-bit Diffie-Hellman group while the client believes it negotiated a normal-strength suite, because the server's signature covers the Diffie-Hellman parameters but not the cipher suite that was chosen. The export rules were relaxed in the late 1990s after a civil-liberties backlash, but for backwards-compatibility reasons many TLS implementations and server configurations still accept the 512-bit export suites.
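The downgrade described above, modelled step by step. This is an added illustration, not code from the article or from the Logjam researchers. It mimics the messages of a TLS 1.2 handshake with a DHE cipher suite to show the protocol flaw: the ServerKeyExchange signature covers the nonces and the Diffie-Hellman parameters (p, g, Ys) but not the cipher suite. Everything in it is constructed for the demo: the groups are Mersenne primes of 61 and 127 bits standing in for a 512-bit export group and a 2048-bit group, the patched client's cut-off is scaled to 100 bits instead of the real 1024, and an HMAC under a server key stands in for the RSA signature that a real client checks against the certificate.

```python
"""Logjam downgrade, modelled step by step (added example; not from the article).

The man-in-the-middle offers the server only DHE_EXPORT, swaps the suite
back in the ServerHello it forwards to the client, and the client's
signature check still passes because the signature never covered the
suite.  An unpatched client that never looks at the size of p then uses
the weak group; a patched client rejects it.
"""
import hashlib
import hmac
import secrets

# Constructed stand-ins: Mersenne primes, not real TLS parameters.
EXPORT_GROUP = (2**61 - 1, 2)     # stands in for a 512-bit export group
STRONG_GROUP = (2**127 - 1, 2)    # stands in for a 2048-bit group
MIN_P_BITS_PATCHED = 100          # scaled analogue of the real 1024-bit minimum
SERVER_KEY = b"stand-in for the server's RSA private key"

SUITE_STRONG = "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256"
SUITE_EXPORT = "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA"
SERVER_SUITES = [SUITE_STRONG, SUITE_EXPORT]   # vulnerable server: still accepts EXPORT


def sign_server_key_exchange(client_random, server_random, p, g, ys):
    """Sign exactly what TLS 1.2 signs: both nonces and the DH parameters.
    Note what is missing: the cipher suite chosen in ServerHello."""
    blob = client_random + server_random
    blob += p.to_bytes(32, "big") + g.to_bytes(4, "big") + ys.to_bytes(32, "big")
    return hmac.new(SERVER_KEY, blob, hashlib.sha256).digest()


def client_hello(suites):
    return {"random": secrets.token_bytes(32), "suites": list(suites)}


def server_respond(hello):
    """ServerHello + ServerKeyExchange. Picks the first offered suite it supports."""
    suite = next(s for s in SERVER_SUITES if s in hello["suites"])
    p, g = EXPORT_GROUP if "EXPORT" in suite else STRONG_GROUP
    x = secrets.randbelow(p - 2) + 1
    ys = pow(g, x, p)
    server_random = secrets.token_bytes(32)
    sig = sign_server_key_exchange(hello["random"], server_random, p, g, ys)
    return {"suite": suite, "random": server_random, "p": p, "g": g, "ys": ys, "sig": sig}


def mitm_rewrite(hello, response=None):
    """Active attacker on the path. Towards the server: offer only EXPORT.
    Towards the client: restore the suite the client actually asked for."""
    if response is None:
        return {"random": hello["random"], "suites": [SUITE_EXPORT]}
    forged = dict(response)
    forged["suite"] = hello["suites"][0]   # p, g, ys and the signature are left untouched
    return forged


def client_finish(hello, response, patched):
    """Return the bit length of the DH prime the client ends up using,
    or raise ValueError if the client aborts the handshake."""
    p, g, ys = response["p"], response["g"], response["ys"]
    if response["suite"] not in hello["suites"]:
        raise ValueError("server picked a suite we never offered")
    expected = sign_server_key_exchange(hello["random"], response["random"], p, g, ys)
    if not hmac.compare_digest(expected, response["sig"]):
        raise ValueError("bad ServerKeyExchange signature")
    if patched and p.bit_length() < MIN_P_BITS_PATCHED:
        raise ValueError(f"DH prime only {p.bit_length()} bits; rejecting")
    y = secrets.randbelow(p - 2) + 1
    _premaster = pow(ys, y, p)       # the attacker recovers this later by solving for x
    return p.bit_length()


def run_handshake(attacker_present, patched_client):
    """Returns the prime size used, or None when the client aborts."""
    hello = client_hello([SUITE_STRONG])          # a modern client offers no EXPORT suites
    sent = mitm_rewrite(hello) if attacker_present else hello
    response = server_respond(sent)
    if attacker_present:
        response = mitm_rewrite(hello, response)
    try:
        return client_finish(hello, response, patched_client)
    except ValueError as e:
        print("handshake aborted:", e)
        return None


if __name__ == "__main__":
    print("no attacker, unpatched client:", run_handshake(False, False), "bit prime")
    print("Logjam MitM, unpatched client:", run_handshake(True, False), "bit prime")
    print("Logjam MitM, patched client:  ", run_handshake(True, True))
```

The two things to notice are where the fix does and does not live: the signature check passes in every run, because the parameters really were signed by the server, so the only defence on the client side is to refuse small groups outright, and the only defence on the server side is to stop offering the EXPORT suites at all.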

Who’s Affected?

The bug affects about 8% of the top one million HTTPS-enabled websites, and a large number of mail servers, which tend to run outdated software. At disclosure, all major web browsers were affected except Internet Explorer, which Microsoft had already patched. An affected website still shows the green HTTPS lock at the top of the page, but the session is not secure against an attacker who can sit between you and the server.

Browser makers have agreed that the most robust fix is to reject Diffie-Hellman groups shorter than 1024 bits, which removes the 512-bit export groups entirely. Unfortunately, this will make some portion of the Internet, including many mail servers, unreachable from patched browsers until their software or configuration is updated to use 2048-bit parameters. To check whether your browser has been patched, you can visit weakdh.org, a site set up by the security researchers who discovered the attack.

Attack Practicality

So how vulnerable is a 512-bit key these days, anyway? To find out, we first have to look at exactly what’s being attacked. Diffie-Hellman key exchange lets two parties agree on a shared symmetric encryption key over a channel that a snooper can watch. Its security rests on the difficulty of the discrete logarithm problem in the group defined by a large prime, which the server chooses and sends during the handshake. Crucially, most of the work in the best known attack (the number field sieve) depends only on that prime, not on any particular connection, and in practice a handful of primes are reused by enormous numbers of servers. The researchers spent about a week of computation on a cluster precomputing for the most common 512-bit export prime, after which the key for any individual connection using it could be recovered in about a minute. Two such primes covered the large majority of servers that support export Diffie-Hellman, which is how the attack reaches roughly 8% of the top million HTTPS sites.
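The precompute-once, break-every-session structure described above, as an added example that is not part of the original article or the Logjam paper. It runs a textbook Diffie-Hellman exchange and then plays the eavesdropper. The researchers used the number field sieve; here baby-step giant-step plays the same structural role, with a table that depends only on (p, g) and a cheap lookup per target. The group is constructed for the demo: P = 2^31 - 1 with generator 7 is a toy parameter, not a real TLS group, chosen so the script runs in about a second. The timings it prints are wall-clock figures for whatever machine runs it.

```python
"""Why one shared prime is fatal: precompute once, break every session.

Added example, not from the article.  Discrete-logarithm algorithms split
into a heavy precomputation that depends only on the group (p, g) and a
cheap per-target step.  Every TLS session that uses the same prime is
attacked with the same table.
"""
import math
import secrets
import time

# Constructed toy group: Mersenne prime 2^31 - 1, for which 7 is a primitive root.
P = 2**31 - 1
G = 7


def dh_keypair(p=P, g=G):
    """Private exponent and the public value g^x that crosses the wire."""
    x = secrets.randbelow(p - 2) + 1
    return x, pow(g, x, p)


def precompute(p=P, g=G):
    """Baby steps: a table of g^j for 0 <= j < m.  Depends only on (p, g),
    so one table serves every session that uses this prime."""
    m = math.isqrt(p - 2) + 1           # m*m >= p-1, the order of g
    table = {}
    cur = 1
    for j in range(m):
        table.setdefault(cur, j)
        cur = cur * g % p
    giant = pow(g, -m, p)               # g^(-m); modular inverse via pow (Python 3.8+)
    return {"m": m, "table": table, "giant": giant, "p": p}


def dlog(h, pre):
    """Giant steps: find x with g^x = h (mod p) using the precomputed table."""
    m, table, giant, p = pre["m"], pre["table"], pre["giant"], pre["p"]
    gamma = h % p
    for i in range(m):
        if gamma in table:
            return i * m + table[gamma]
        gamma = gamma * giant % p
    raise ValueError("h is not in the group generated by g")


def eavesdrop(public_a, public_b, pre):
    """Recover the shared secret from what crosses the wire: g^a and g^b."""
    a = dlog(public_a, pre)
    return pow(public_b, a, pre["p"])


def demo(sessions=3):
    """Run several DH sessions over the same prime and break each with one table."""
    t0 = time.perf_counter()
    pre = precompute()
    print(f"precomputation for p={P}: {time.perf_counter() - t0:.2f}s, table size {pre['m']}")
    results = []
    for n in range(sessions):
        a, A = dh_keypair()              # client
        b, B = dh_keypair()              # server
        real = pow(B, a, P)
        assert real == pow(A, b, P)      # both ends agree on the key
        t1 = time.perf_counter()
        stolen = eavesdrop(A, B, pre)
        print(f"session {n}: recovered={stolen == real} in {time.perf_counter() - t1:.3f}s")
        results.append(stolen == real)
    return all(results)


if __name__ == "__main__":
    demo()
```

For this toy algorithm both phases cost about the square root of p, so the asymmetry is mild; with the number field sieve the precomputation dwarfs the per-target step, which is exactly why a week of cluster time followed by a minute per connection was the economics the researchers reported. Doubling the size of p in the script and watching the table grow is the cheapest way to feel why the remedy is larger, and ideally unique, groups.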

Once the precomputation for a common prime exists, the attack is within reach of a “coffee shop attacker,” a petty thief sitting between victims and the Internet on public WiFi, who can downgrade a handshake, compute the session key in about a minute, and then read or alter the traffic to recover financial information. For corporations and organizations like the NSA, who might go to considerable lengths to set up a man-in-the-middle position for espionage, the attack is trivial. Either way, this represents a credible security risk, both for ordinary people and for anyone who might be targeted by more powerful forces. Certainly, someone like Edward Snowden should be very careful about using unsecured WiFi for the foreseeable future.

More worryingly, the researchers estimate that the 1024-bit primes most servers treat as secure are within reach of a nation-state budget: the precomputation for a single 1024-bit prime would cost on the order of a few hundred million dollars in custom hardware, and because one such prime is shared by a large fraction of HTTPS, VPN and SSH servers, breaking it once would pay off across all of them. They recommend migrating to 2048-bit Diffie-Hellman groups, or to elliptic-curve Diffie-Hellman, to avoid this problem.

Is Our Data Secure?

The Logjam bug is an unwelcome reminder of the dangers of regulating cryptography for purposes of national security. An effort to weaken the United States’ enemies has wound up hurting everyone, and making all of us less safe. It comes at a time when the FBI is pushing tech companies to include backdoors in their encryption software. There is a very good chance that if they win, the consequences for the coming decades will be just as serious.

What do you think? Should there be restrictions on strong cryptography? Is your browser secure against Logjam? Let us know in the comments!

Even after updating both Firefox and Chrome, both still show up as vulnerable. My IE 11 is updated and https://weakdh.org/test.html still shows it as vulnerable, regardless of Microsoft stating that a patch had already been released for it. According to Tom's Guide at http://www.tomsguide.com/us/logjam-web-browser-vulnerability,news-20952.html, Google stated a Chrome fix would be out within weeks and Firefox stated within a few days. Not sure what to make of IE still showing as vulnerable regardless of all updates being applied. Website issue on the weakdh site?